1 results (0.003 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0
CVE-2015-9455 – BuddyPress Activity Plus <= 1.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action. El plugin buddypress-activity-plus versiones anteriores a 1.6.2 para WordPress, presenta una vulnerabilidad de tipo CSRF con un salto de directorio resultante por medio del parámetro bpfb_photos[] del archivo wp-admin/admin-ajax.php en una acción bpfb_remove_temp_images. • https://security.dxw.com/advisories/csrf-and-arbitrary-file-deletion-in-buddypress-activity-plus-1-5 https://wordpress.org/plugins/buddypress-activity-plus/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •